diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-14 10:58:52 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2024-08-14 10:58:52 +0200 |
commit | 17ad739405152ef25b1d97849469270ddfb2bc1b (patch) | |
tree | 947e6fe2301ecd428050deea629983082bd1331d | |
parent | ae65707649ece09647626b69a19d7fdd0d1ac017 (diff) | |
download | VeraCrypt-17ad739405152ef25b1d97849469270ddfb2bc1b.tar.gz VeraCrypt-17ad739405152ef25b1d97849469270ddfb2bc1b.zip |
Windows: better handling of reading EFI variable to display help error messages in case of failure.
Now we accept the possibility of BootOrder EFI variable to be empty in order to try to solve issues on some PCs.
-rw-r--r-- | src/Common/BootEncryption.cpp | 48 |
1 files changed, 44 insertions, 4 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 2be81416..9fdcea29 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -2640,10 +2640,27 @@ namespace VeraCrypt } void EfiBoot::DeleteStartExec(uint16 statrtOrderNum, wchar_t* type) { - SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE); + DWORD dwLastError; + BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_SYSTEM_ENVIRONMENT_NAME); + if (!bPrivilegesSet && !SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE)) + { + dwLastError = GetLastError(); + wchar_t szMsg[128]; + StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x.8X)", dwLastError); + throw ErrorException(szMsg, SRC_POS); + } // Check EFI if (!IsEfiBoot()) { - throw ErrorException(L"can not detect EFI environment", SRC_POS); + dwLastError = GetLastError(); + if (dwLastError != ERROR_SUCCESS) + { + if (!bPrivilegesSet) + SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); + // format message to append the error code to the exception message + wchar_t szMsg[128]; + StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x.8X)", dwLastError); + throw ErrorException(szMsg, SRC_POS); + } } wchar_t varName[256]; StringCchPrintfW(varName, ARRAYSIZE (varName), L"%s%04X", type == NULL ? L"Boot" : type, statrtOrderNum); @@ -2686,13 +2703,33 @@ namespace VeraCrypt SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, startOrder, 0); } } + + if (!bPrivilegesSet) + SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); } void EfiBoot::SetStartExec(wstring description, wstring execPath, bool setBootEntry, bool forceFirstBootEntry, bool setBootNext, uint16 statrtOrderNum , wchar_t* type, uint32 attr) { - SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE); + DWORD dwLastError; + BOOL bPrivilegesSet = IsPrivilegeEnabled (SE_SYSTEM_ENVIRONMENT_NAME); + if (!bPrivilegesSet && !SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, TRUE)) + { + dwLastError = GetLastError(); + wchar_t szMsg[128]; + StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to set SE_SYSTEM_ENVIRONMENT_NAME privilege (error code 0x.8X)", dwLastError); + throw ErrorException(szMsg, SRC_POS); + } // Check EFI if (!IsEfiBoot()) { - throw ErrorException(L"can not detect EFI environment", SRC_POS); + dwLastError = GetLastError(); + if (dwLastError != ERROR_SUCCESS) + { + if (!bPrivilegesSet) + SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); + // format message to append the error code to the exception message + wchar_t szMsg[1024]; + StringCbPrintfW(szMsg, ARRAYSIZE(szMsg), L"Failed to detect EFI environment (error code 0x.8X)", dwLastError); + throw ErrorException(szMsg, SRC_POS); + } } if (bDeviceInfoValid) @@ -2866,6 +2903,9 @@ namespace VeraCrypt SetFirmwareEnvironmentVariable(next.c_str(), EfiVarGuid, &statrtOrderNum, 2); } + + if (!bPrivilegesSet) + SetPrivilege(SE_SYSTEM_ENVIRONMENT_NAME, FALSE); } bool EfiBoot::CompareFiles (const wchar_t* fileName1, const wchar_t* fileName2) |